Wiki Article

Problems starting Windows Defender in Windows 8/8.1/10

Technical Level : Intermediate

Summary

Windows Defender in Windows 8/8.1/10 sometimes do not start automatically and may report an error when started manually. This wiki describes some methods that can be used to fix the problem.

Details

Sometimes, due to various factors, Windows Defender do not start automatically when Windows starts and when Windows Defender is started manually via Action Center it may display an error code. Factors contributing to these issues may include malware infection, software conflicts (possibly with another antivirus program), corrupted registry, etc.

When you encounter these problems, here are some things you can try:

1. Restart your PC

Many times the issue is resolved by simple restart.

2. Remove existing antivirus and antispyware software

If your PC still has another antivirus installed or if one was installed previously then you should use appropriate removal tool to remove all third party antivirus and antispyware programs. You can download removal tools from here:

List of antivirus product removal tools

3. Scan your PC for malwares

This wiki lists out some malware scanners recommended here:

List of Malware Removal Tools

Start your PC in Safe Mode to perform a scan. http://windows.microsoft.com/en-us/windows-8/windows-startup-settings-safe-mode or http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/

4. SFC scan

System File Checker (SFC) tool repairs corruption in system files. Use this tool to verify whether Windows Defender is corrupted or not. Follow this KB article:

https://support.microsoft.com/en-us/kb/929833

5. Clean Boot

Start your PC in clean boot status to ensure any 3rd party application is not conflicting with Windows Defender. Here is a support article that will help you:

How to perform a clean boot to troubleshoot a problem in Windows

6. Restart Security Center Service

As reported in this and this thread, restarting Security Center service can help in solving the problem. To restart Security Center service, follow these steps:

  1. Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for 'Run'.
  2. In Run dialog box, type 'services.msc' and hit enter.
  3. In Services, search for 'Security Center'.
  4. Right click on 'Security Center' and click on 'Restart'.

7. Delete conflicting Registry Entry

Some malwares adds malicious entries in registry that blocks real antiviruses from running. To remove these entries, follow these steps:

  1. Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for 'Run'.
  2. In Run dialog box, type 'regedit' and hit enter. This will open Registry Editor.
  3. In Registry Editor, navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
  4. In this key, if you find any entry for MSASCui.exe, MpCmdRun.exe or MsMpEng.exe then right click on it and click on Delete. If you do not find any of these entry then it is normal and you don't need to do anything.

8. Enabling Windows Defender from Group Policy

Important: You must proceed with this step only after trying all the steps mentioned above.

If you are facing an error like "This app is turned off by Group Policy" then Windows Defender can be manually enabled via registry. Windows Defender is disabled by Windows if it detects presence of another antivirus. Therefore, before enabling it manually, it must be ensured that there are no conflicting softwares and system is not infected. To enable Windows Defender manually, follow these steps:

  1. Press Windows key + R. This will open Run. Alternatively, you can go to Start and search for 'Run'.
  2. In Run dialog box, type 'regedit' and hit enter. This will open Registry Editor.
  3. In Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender.
  4. If you see a registry entry named DisableAntiSpyware, then change its value to 0. If you don't find this registry key then add this it. To do that, right click on Windows Defender key and go to New > DWORD. Give this DWORD name 'DisableAntiSpyware' and value 0. Registry will then look like this:

If these steps doesn't solve your problem, please post a question in Virus and Malware forum with as much details as you can give and results of all the methods you have tried.

Special thanks to:

Le Boule, Stephen Boots, Kosh Vorlon, PA Bear - MS MVP, Jsssssssss

Further Reading

Windows Defender on Windows 8 - Introduction and Frequently Asked

Comments (30)

progress